Diffstat (limited to 'src/pluto')
-rw-r--r--src/pluto/crl.c2
-rw-r--r--src/pluto/ipsec_doi.c24
-rw-r--r--src/pluto/ocsp.c28
-rw-r--r--src/pluto/pgpcert.c5
-rw-r--r--src/pluto/pkcs7.c77
-rw-r--r--src/pluto/x509.c7
6 files changed, 39 insertions, 104 deletions
diff --git a/src/pluto/crl.c b/src/pluto/crl.c
index 84d58ab85..52f46e701 100644
--- a/src/pluto/crl.c
+++ b/src/pluto/crl.c
@@ -290,7 +290,7 @@ bool insert_crl(x509crl_t *crl, chunk_t crl_uri, bool cache_crl)
{
char path[BUF_LEN], buf[BUF_LEN];
char digest_buf[HASH_SIZE_SHA1];
- chunk_t subjectKeyID = chunk_from_buf(digest_buf);
+ chunk_t subjectKeyID = chunk_create(digest_buf, sizeof(digest_buf));
bool has_keyID;
if (issuer_cert->subjectKeyID.ptr == NULL)
diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c
index 21cecd90b..5cc8ff23e 100644
--- a/src/pluto/ipsec_doi.c
+++ b/src/pluto/ipsec_doi.c
@@ -1233,12 +1233,9 @@ static bool generate_skeyids_iv(struct state *st)
/* generate SKEYID_* from SKEYID */
{
- char buf_skeyid_d[] = { 0x00 };
- char buf_skeyid_a[] = { 0x01 };
- char buf_skeyid_e[] = { 0x02 };
- chunk_t seed_skeyid_d = chunk_from_buf(buf_skeyid_d);
- chunk_t seed_skeyid_a = chunk_from_buf(buf_skeyid_a);
- chunk_t seed_skeyid_e = chunk_from_buf(buf_skeyid_e);
+ chunk_t seed_skeyid_d = chunk_from_chars(0x00);
+ chunk_t seed_skeyid_a = chunk_from_chars(0x01);
+ chunk_t seed_skeyid_e = chunk_from_chars(0x02);
chunk_t icookie = { st->st_icookie, COOKIE_SIZE };
chunk_t rcookie = { st->st_rcookie, COOKIE_SIZE };
pseudo_random_function_t prf_alg;
@@ -1308,8 +1305,7 @@ static bool generate_skeyids_iv(struct state *st)
if (keysize > st->st_skeyid_e.len)
{
u_char keytemp[MAX_OAKLEY_KEY_LEN + MAX_DIGEST_LEN];
- char seed_buf[] = { 0x00 };
- chunk_t seed = chunk_from_buf(seed_buf);
+ chunk_t seed = chunk_from_chars(0x00);
size_t prf_block_size, i;
pseudo_random_function_t prf_alg;
prf_t *prf;
@@ -1775,8 +1771,7 @@ static size_t quick_mode_hash12(u_char *dest, u_char *start, u_char *roof,
*/
static size_t quick_mode_hash3(u_char *dest, struct state *st)
{
- char seed_buf[] = { 0x00 };
- chunk_t seed_chunk = chunk_from_buf(seed_buf);
+ chunk_t seed_chunk = chunk_from_chars(0x00);
chunk_t msgid_chunk = chunk_from_thing(st->st_msgid);
pseudo_random_function_t prf_alg;
prf_t *prf;
@@ -3466,8 +3461,7 @@ stf_status main_inR2_outI3(struct msg_digest *md)
/* HASH_I or SIG_I out */
{
- u_char hash_buf[MAX_DIGEST_LEN];
- chunk_t hash = chunk_from_buf(hash_buf);
+ chunk_t hash = chunk_alloca(MAX_DIGEST_LEN);
main_mode_hash(st, &hash, TRUE, &id_pbs);
@@ -3558,8 +3552,7 @@ main_id_and_auth(struct msg_digest *md
, const struct key_continuation *kc /* current state, can be NULL */
)
{
- u_char hash_buf[MAX_DIGEST_LEN];
- chunk_t hash = chunk_from_buf(hash_buf);
+ chunk_t hash = chunk_alloca(MAX_DIGEST_LEN);
struct state *st = md->st;
struct id peer;
stf_status r = STF_OK;
@@ -3881,8 +3874,7 @@ main_inI3_outR3_tail(struct msg_digest *md
/* HASH_R or SIG_R out */
{
- u_char hash_buf[MAX_DIGEST_LEN];
- chunk_t hash = chunk_from_buf(hash_buf);
+ chunk_t hash = chunk_alloca(MAX_DIGEST_LEN);
main_mode_hash(st, &hash, FALSE, &r_id_pbs);
diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c
index 49225a68c..da81ce2d8 100644
--- a/src/pluto/ocsp.c
+++ b/src/pluto/ocsp.c
@@ -126,26 +126,17 @@ struct request_list {
};
/* some OCSP specific prefabricated ASN.1 constants */
-
-static u_char ASN1_nonce_oid_str[] = {
+static const chunk_t ASN1_nonce_oid = chunk_from_chars(
0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02
-};
-
-static const chunk_t ASN1_nonce_oid = chunk_from_buf(ASN1_nonce_oid_str);
-
-static u_char ASN1_response_oid_str[] = {
+);
+static const chunk_t ASN1_response_oid = chunk_from_chars(
0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04
-};
-
-static const chunk_t ASN1_response_oid = chunk_from_buf(ASN1_response_oid_str);
-
-static u_char ASN1_response_content_str[] = {
+);
+static const chunk_t ASN1_response_content = chunk_from_chars(
0x04, 0x0D,
0x30, 0x0B,
0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01
-};
-
-static const chunk_t ASN1_response_content = chunk_from_buf(ASN1_response_content_str);
+);
/* default OCSP uri */
static chunk_t ocsp_default_uri;
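Review bot: The three prefabricated constants are bare DER byte runs with nothing naming the OID each one encodes, so a transposed byte would pass review unnoticed. A short comment per constant would fix that: `/* id-pkix-ocsp-nonce 1.3.6.1.5.5.7.48.1.2 */` above `ASN1_nonce_oid`, `/* id-pkix-ocsp-response 1.3.6.1.5.5.7.48.1.4 */` above `ASN1_response_oid`, and `/* OCTET STRING { SEQUENCE { id-pkix-ocsp-basic 1.3.6.1.5.5.7.48.1.1 } } */` above `ASN1_response_content`. These initialisers also assume `chunk_from_chars` expands to something the compiler accepts in a file-scope initialiser; its definition is not on this page, so that is worth confirming on every supported toolchain.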
@@ -726,8 +717,7 @@ static chunk_t sc_build_sha1_signature(chunk_t tbs, smartcard_t *sc)
{
hasher_t *hasher;
u_char *pos;
- u_char digest_buf[HASH_SIZE_SHA1];
- chunk_t digest = chunk_from_buf(digest_buf);
+ chunk_t digest;
chunk_t digest_info, sigdata;
size_t siglen = 0;
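Review bot: `digest` is now declared without an initialiser and is only filled by `hasher->allocate_hash(hasher, tbs, &digest)` in the next hunk, before being passed to `asn1_wrap(ASN1_OCTET_STRING, "m", digest)` in the last one. Declaring it as `chunk_t digest = chunk_empty;` would keep the pointer well defined if the allocation ever leaves it untouched; whether `allocate_hash` can fail is not visible here. A comment at the `asn1_wrap` call, such as `/* "m" hands digest over to asn1_wrap, do not free it here */`, would record the ownership transfer that replaces the old stack buffer, assuming "m" has move semantics as the change implies. The body of sc_build_sha1_signature starts and ends outside these hunks.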
@@ -756,7 +746,7 @@ static chunk_t sc_build_sha1_signature(chunk_t tbs, smartcard_t *sc)
{
return chunk_empty;
}
- hasher->get_hash(hasher, tbs, digest_buf);
+ hasher->allocate_hash(hasher, tbs, &digest);
hasher->destroy(hasher);
/* according to PKCS#1 v2.1 digest must be packaged into
@@ -764,7 +754,7 @@ static chunk_t sc_build_sha1_signature(chunk_t tbs, smartcard_t *sc)
*/
digest_info = asn1_wrap(ASN1_SEQUENCE, "mm"
, asn1_algorithmIdentifier(OID_SHA1)
- , asn1_simple_object(ASN1_OCTET_STRING, digest));
+ , asn1_wrap(ASN1_OCTET_STRING, "m", digest));
pos = asn1_build_object(&sigdata, ASN1_BIT_STRING, 1 + siglen);
*pos++ = 0x00;
diff --git a/src/pluto/pgpcert.c b/src/pluto/pgpcert.c
index e1561665a..2b1f5cbb8 100644
--- a/src/pluto/pgpcert.c
+++ b/src/pluto/pgpcert.c
@@ -261,10 +261,9 @@ static bool parse_pgp_pubkey_packet(chunk_t *packet, pgpcert_t *cert)
/* compute V4 or V3 fingerprint according to section 12.2 of RFC 4880 */
if (cert->version == 4)
{
- char pubkey_packet_header_buf[] = {
+ chunk_t pubkey_packet_header = chunk_from_chars(
0x99, pubkey_packet.len / 256, pubkey_packet.len % 256
- };
- chunk_t pubkey_packet_header = chunk_from_buf(pubkey_packet_header_buf);
+ );
chunk_t hash;
hasher_t *hasher;
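Review bot: The header bytes `pubkey_packet.len / 256` and `pubkey_packet.len % 256` are each narrowed to one octet, so a packet of 65536 bytes or more gets a truncated length and the V4 fingerprint is computed over a header that does not match the packet. Nothing in this hunk bounds `pubkey_packet.len`; if no earlier check exists, oversized packets should be rejected before the header is built, e.g. `if (pubkey_packet.len > 0xFFFF) { return FALSE; }`. The rest of parse_pgp_pubkey_packet lies outside the hunk, so an existing bound may simply not be shown.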
diff --git a/src/pluto/pkcs7.c b/src/pluto/pkcs7.c
index edeb5ae12..57310a73c 100644
--- a/src/pluto/pkcs7.c
+++ b/src/pluto/pkcs7.c
@@ -130,77 +130,34 @@ static const asn1Object_t envelopedDataObjects[] = {
/**
* PKCS7 contentInfo OIDs
*/
-
-static u_char ASN1_pkcs7_data_oid_str[] = {
+static chunk_t ASN1_pkcs7_data_oid = chunk_from_chars(
0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01
-};
-
-static u_char ASN1_pkcs7_signed_data_oid_str[] = {
+);
+static chunk_t ASN1_pkcs7_signed_data_oid = chunk_from_chars(
0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02
-};
-
-static u_char ASN1_pkcs7_enveloped_data_oid_str[] = {
+);
+static chunk_t ASN1_pkcs7_enveloped_data_oid = chunk_from_chars(
0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x03
-};
-
-static u_char ASN1_pkcs7_signed_enveloped_data_oid_str[] = {
+);
+static chunk_t ASN1_pkcs7_signed_enveloped_data_oid = chunk_from_chars(
0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x04
-};
-
-static u_char ASN1_pkcs7_digested_data_oid_str[] = {
- 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x05
-};
-
-static char ASN1_pkcs7_encrypted_data_oid_str[] = {
+);
+static chunk_t ASN1_pkcs7_digested_data_oid = chunk_from_chars(
0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06
-};
-
-static const chunk_t ASN1_pkcs7_data_oid =
- chunk_from_buf(ASN1_pkcs7_data_oid_str);
-static const chunk_t ASN1_pkcs7_signed_data_oid =
- chunk_from_buf(ASN1_pkcs7_signed_data_oid_str);
-static const chunk_t ASN1_pkcs7_enveloped_data_oid =
- chunk_from_buf(ASN1_pkcs7_enveloped_data_oid_str);
-static const chunk_t ASN1_pkcs7_signed_enveloped_data_oid =
- chunk_from_buf(ASN1_pkcs7_signed_enveloped_data_oid_str);
-static const chunk_t ASN1_pkcs7_digested_data_oid =
- chunk_from_buf(ASN1_pkcs7_digested_data_oid_str);
-static const chunk_t ASN1_pkcs7_encrypted_data_oid =
- chunk_from_buf(ASN1_pkcs7_encrypted_data_oid_str);
-
-/**
- * 3DES and DES encryption OIDs
- */
-
-static u_char ASN1_3des_ede_cbc_oid_str[] = {
- 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03, 0x07
-};
-
-static u_char ASN1_des_cbc_oid_str[] = {
- 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x07
-};
-
-static const chunk_t ASN1_3des_ede_cbc_oid =
- chunk_from_buf(ASN1_3des_ede_cbc_oid_str);
-static const chunk_t ASN1_des_cbc_oid =
- chunk_from_buf(ASN1_des_cbc_oid_str);
+);
+static chunk_t ASN1_pkcs7_encrypted_data_oid = chunk_from_chars(
+ 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x05
+);
/**
* PKCS#7 attribute type OIDs
*/
-
-static u_char ASN1_contentType_oid_str[] = {
+static chunk_t ASN1_contentType_oid = chunk_from_chars(
0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03
-};
-
-static u_char ASN1_messageDigest_oid_str[] = {
+);
+static chunk_t ASN1_messageDigest_oid = chunk_from_chars(
0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04
-};
-
-static const chunk_t ASN1_contentType_oid =
- chunk_from_buf(ASN1_contentType_oid_str);
-static const chunk_t ASN1_messageDigest_oid =
- chunk_from_buf(ASN1_messageDigest_oid_str);
+);
/**
* Parse PKCS#7 ContentInfo object
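Review bot: The final arc of two OIDs is swapped in the new constants: `ASN1_pkcs7_digested_data_oid` now ends in `0x07, 0x06` and `ASN1_pkcs7_encrypted_data_oid` in `0x07, 0x05`, whereas the removed arrays had digested-data ending in `0x05` and encrypted-data in `0x06` (PKCS#7 digestedData is 1.2.840.113549.1.7.5, encryptedData is 1.2.840.113549.1.7.6). Any content-type comparison against these two chunks would misclassify the structures, so the last byte should be `0x05` for digested-data and `0x06` for encrypted-data. The rewrite also drops `const` from every chunk in this hunk and from `ASN1_subjectAltName_oid` in x509.c, while ocsp.c keeps `static const chunk_t`; restoring `static const chunk_t` keeps these comparison constants from being reassigned at run time. Removing the 3DES and DES OID chunks presumes they have no remaining user in the file, which the hunk does not show.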
diff --git a/src/pluto/x509.c b/src/pluto/x509.c
index 9d4448c94..f1d079560 100644
--- a/src/pluto/x509.c
+++ b/src/pluto/x509.c
@@ -333,11 +333,9 @@ static const x501rdn_t x501rdns[] = {
#define X501_RDN_ROOF 26
-static u_char ASN1_subjectAltName_oid_str[] = {
+static chunk_t ASN1_subjectAltName_oid = chunk_from_chars(
0x06, 0x03, 0x55, 0x1D, 0x11
-};
-
-static const chunk_t ASN1_subjectAltName_oid = chunk_from_buf(ASN1_subjectAltName_oid_str);
+);
static void update_chunk(chunk_t *ch, int n)
{
@@ -345,7 +343,6 @@ static void update_chunk(chunk_t *ch, int n)
ch->ptr += n; ch->len -= n;
}
-
/**
* Pointer is set to the first RDN in a DN
*/